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^ (57) Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of 
operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric 
O key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The 
^ short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random t 
^ memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505). 
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For two-letter codes and other abbreviations, refer to. the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin- 
ning of each regular issue of the PCT Gazette. 
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IMPROVING DES HARDWARE THROUGHPUT FOR SHORT OPERATIONS 

This a non-provisional application claiming the benefit of provisional application 
serial No. 60/201,002, filed May 1, 2000. 

5 Tp.chnjna1 Fiftlri 

The present invention relates to cryptographic support, and more particularly to 
cryptographic support for short operations. 
Background Art 

Data Encryption Standard (DES) is a widely-used method of data encryption using 
10 private keys. There are 72 quadrillion or more possible encryption keys under the DES that 
can be used for protecting packets between parties over electronic networks. For each packet 
or message, a key is chosen at random. Like other symmetric key cryptographic methods, 
both the sender and receiver need to know and use the same private key. 

DES applies a 56-bit key to each 64-bit block of data. The process can run several 
. 15 modes and includes 16 rounds of operations. Although this is considered strong encryption, 

i 

many companies use triple-DES (TDES), which applies three keys in succession to each 
packet. 

DES originated at IBM in 1977 and was adopted by the U.S. Department of Defense. 

It is specified in the ANSI X3.92 and X3.106 standards and in the Federal Information 

■« 

20 Processing Standards (FIPS) 46 and 81 standards. 

Typically, cryptographic methods focus on large packets (greater than about 80 
bytes). However, when a DES system is used for smaller packets, the performance may drop 
by an order of magnitude. 
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Therefore a need exists for a system and method of cryptographic support for DES 
operations which has high throughput for long (>80 bytes) and shorter packets. 
Disclosure of foe ligation 

According to an embodiment of the present invention, a symmetric key cryptographic 
5 method is provided for short operations. The method includes batching a plurality of 

operation parameters, and performing an operation according to a corresponding operation 
parameter. The symmetric key cryptographic method is a Data Encryption Standard (DES) 
| method. The short operations can he less than about 80 bytes. The short operations can be 

I between 8 and 80 bytes. 

I 10 The method includes batching the plurality of operation parameters and a plurality of 

{ DES operation into a single request, calling DES for each operation in the request, and 

i ■ "■ • 

j performing DES for each operation separately according to the corresponding operation 

I 

| parameter. 

i 

The method further includes batching the plurality of operation parameters and a 
15 plurality of DES operations into a single request, calling DES for the batched operations, and 
performing DES for each operation separately according to the corresponding operation 
parameter. Each request is performed with a chip reset, a key and an initialization vector. 
Calling the DES for the batched operations further comprises switching a context for the 
batched operations. The context switch is between an application layer and a system software 
20 layer. 

The method includes reading the batched parameters from a dynamic random access 
memory, and transmitting each operation through a DES engine according to the operations 
parameter. 
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According to an embodiment of the present invention, a method is provided for 
improved DES short operation throughput. The method includes bat ching a plurality of 
operation parameters, each operation parameter corresponding to an operation, reading the 
batched operation parameters into a dynamic random access memory, and transxnitting each 
5 operation through a DES engine according to the operations parameter. The DES is 

external-to-extemal and an output for each operation is transmitted separately. The short 
operation can be less than about 80 bytes. The short operation can be between 8 and 80 
bytes. 

| According to an embodiment of the present invention, a symmetric key cryptographic 

f 

1 0 method is provided for operations between about 8 and about 80 bytes in length. The method 

i 

\ includes providing a key index to an engine, and pumping the operations through the engine 

| in bulk wherein a central processing unit does not handle the bytes. The engine is a DES 

j engine. 

The method includes resetting an engine chip for an operation, reading an 
15 initiali za tion vector, and loading the initialization vector into the engine chip. The method 
further includes determining a key from the key index, loading the key into the engine chip, 
and reading a data length for the operation. 

The method includes transmitting the data length through an Input channel into the 
engine chip, and transmitting the data length through an Output channel. The channels are 
20 FIFOs. 

Brief Description of Drawings 

Preferred embodiments of the present invention will be described below in more 
detail, with reference to the accompanying drawings: 
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Fig, 1 is a diagram of the DES architecture according to an embodiment of the present 
invention; 

Fig. 2 is another diagram of the DES architecture according to. an embodiment of the 
present invention; 

5 Fig. 3 is still another diagram of the DES architecture according to an embodiment of 

the present invention; 

Fig. 4, is yet another diagram of the DES architecture according to an embodiment of 
the present invention; 

Fig. 5 is a diagram of the FIFO structure supporting DES/TDES with a coprocessor 
10 according to an embodiment of the present invention; 

Fig. 6 is another diagram of the FIFO structure supporting DES/TDES with a 
( coprocessor according to an embodiment of the present invention; 

i 

j Fig. 7 is still another diagram of the FIFO structure supporting DES/TDES with a 

F 

coprocessor according to an embodiment of the present invention; 
15 Fig. 8 is yet another diagram of the FIFO structure supporting DES/TDES with a 

coprocessor according to an embodiment of the present invention; 

Fig. 9 is a further diagram of the FIFO structure supporting DES/TDES with a 
coprocessor according to an embodiment of the present invention; 

Fig. 10 is a diagram of the FIFO structure supporting DES/TDES with a coprocessor 
20 according to an embodiment of the present invention; 

Fig. 1 1 is a flow diagram of an application handling two operations as separate 
sccRequests according to the prior art; 

Fig. 12 is a flow diagram illustrating a batched host-card interaction according to an 
embodiment of the present invention; 
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Fig. 13 is a flow diagram of multiple operations batched into a single call according 
to an embodiment of the present invention; 

Fig. 14 is a flow diagram of a method which reduces data transfers for each operation 
according to an embodiment of the present invention; 
5 Fig. 15 is a flow diagram of a method which batches parameters for all operations 

into a block according to an embodiment of the present invention; and 

Fig. 16 is a graph illustrating DES speeds for various embodiments of the present 
invention. 

Best Mode for Carrying Out the Invention 

10 The present invention provides a system and method for cryptographic support which 

has high throughput for long and short'DES operations. According to an embodiment of the 
present invention, the system includes a multi-chip embedded module, packaged in a : 
Peripheral Component Interconnect (PCI) card In .addition to cryptographic hardware and 
circuitry for tamper detection and response, a general-purpose computing environment is 

15 provided including a central processing unit, and executing software stored in ROM and/or 
Flash memory. 

Referring to Fig. 1, the multiple-layer software architecture of the client 101 and the 
host 105 is shown. The client-side includes foundational security control in Layers 0 and 1 
102, a supervisor-level software system in Layer 2 103, and a user-level software application 
20 in Layer 3 104. Layer 2 103 supports application development. Within Layer 2 103, a kernel 
provides the operating system abstractions of multiple processes and address spaces; these 
abstractions support independent managers, which handle cryptographic hardware and other 
input/output (I/O) on the bottom, and provide higher-level application program interfaces 
(APIs) to the Layer 3 application 104. An API is the specific method prescribed by a 
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computer or by another program by which a programmer writing an application program can 
make requests of the operating system or another application. Typically, the Layer 3 
application 104 in turn provides an abstraction of its own API to a host>side application 107. 
The host-side 105 includes a device driver 106 and a host application 107. According 
5 to Fig. 2, for the Layer 3 application 104 to use a service provided by the card-side 

application, the host-side application 107 issues a call to the host-side device driver 106. The 
device driver 105 opens an sccRequest 108 to the Layer 2 system 103 on the device. 
Layer 2 103 informs the Layer 3 application 104 resident on the device of the existence of 
the request, and the parameters the host sent along with the request. 

10 According to Figs. 3 and 4, the Layer 3 application 104 handles the host application's 

request for service, for example, it can direct Layer 2 103 to transfer data 109 to the device 
driver 106 and perform the needed cryptographic operations. The Layer 3 application 104 
closes out the sccRequest 1 1 0 and sends the output back 11 1 to the host application 107. 
According to an embodiment of the present invention, a device for fast cryptography 

15 is provided. The device includes a coprocessor having a central processing unit (CPU), at 
least two levels of internal software and at least three data paths. The software levels can 
include an operation system or kernal level and an application leveL The data paths can 
include an external to internal memory and/or CPU path, an internal memory and/or CPU to 
a symmetric engine path, and a channel between the external system and the symmetric 

20 engine. The channel can be a first-in first-out (FIFO). According to an embodiment of the 
present invention, the device includes a FIFO state machine. The FIFO state machine 
structure transports or drives data into and out of the method engine. 

It should be noted that while the present invention is presented in terms of a 
symmetric cryptographic function (e.g., DES), the invention contemplates any parameterized 
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function on variable length data! Thus, DES is provided as an example of an embodiment of 
the present invention and given* the teachings of the present invention provided herein, one of 
ordinary skill in the related art will be able to contemplate these and similar implementations 
or configurations of the present invention. 
5 Referring to Fig. 5, the FIFO structure works with the DES/TDES engine 500. The 

present invention is described according to an IBM 4758 coprocessor, specifically Models 
002/023 PCI cryptographic coprocessors, however, given the teachings of the present 
invention provided herein, one of ordinary skill in the related art will be able to contemplate 
these and similar implementations or configurations. 
10 In Model 2 hardware, the FIFO structure also supports fast Secure Hash Algorithm 1 

(SHA-1); though the structure may be "applied to any method engine. 

For both input and output, two pairs of FIFOs 501-504, a PCI FIFO pair 501-502 and 
an internal FIFO pair 503-504 are provided for external and internal transfer, respectively, as 
well as a Direct Memory Access (DMA) controller 505-506 for CPU-free transfer into and 
15 out of internal dynamic random access memory (DRAM) 507. 

The internal CPU 508 selects which data paths to activate, and what key, initialization 
vector (TV) 3 and other operational parameters the DES engine 500 may use, via control 
registers (not shown). The IV is generated by a random number generator, typically included 
in the Layer 2 system, and combined with the unencryted text and the key. The key is a 
20 variable value applied to a block of unencrypted text to produce encrypted text 

Configurations of the DES engine 500 include bulk external-to-external DES (shown 
. in Fig. 8), bulk internal-to-internal DES (output DMA 506 to internal input FIFO 503 to DES 
500, then back through the Internal Output FIFO 504 and PCI Output FIFO 502), and DMA 
transfer (e.g., PCI input FIFO 501 to internal input FIFO 503 to input DMA 505 and from the 

7 


PAGE 13/70 * RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight Time] ■ SVR:USPTO-EFXRF-1/11 * DMS:2738300 • CSID:661-460-1986 * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8 300 PAGE: 014 OF 070 


I WO 01/84769 PCT/US01/13927 

| Output DMA Controller 506 to the Internal Output FIFO 504 and to the PCI Output FIFO 

502). Further, the DES hardware can be configured in a bypass mode in which the 

! 

commercial Layer 2 system does not use the hardware. 

One constraint on the system is that either both internal FTFO-DES paths need be 
5 selected (bulk mode), or neither is to be selected. Another constraint is that the FIFO 

configurations cannot be altered until data transfer is paused, and the state machine driving 
the FIFOs will transfer data asynchronously until resources are exhausted, 
: The internal CPU 508 can configure the FIFO hardware to support card applications 

in various ways. For example, Fig. 6 depicts a configuration in which the FIFOs bring data 
10 into the card via the DMA, such as when the host application opens up a sccRequest to 
the card application. Data passes from the PCI Input FIFO 501 to the Internal Input FIFO 503 
via 601, to the Input DMA Controller 505 via 602, to the DRAM 507 via 603 and 604. 

Referring to Fig. 7 depicting a DES request, the card may transfer the operational 
parameters from the DRAM 507 into the DES chip 500. The internal CPU 508 loading 
15 operational parameters into the .DES chip 500 from ihe DRAM 507 via lines 701-703. 

According to Fig. 8, if tfre DES request is for external-to-external DES, the card will 
configure the FIFOs to bring the date, in from the host, through the DES chip 500 and back to 
the host The CPU 508 can configure the FIFOs 501-504 to stream data from the host, 
through the DES chip and back to the host via lines 801-804. 
20 Additionally, if the DES request is for internal-to-intenial DES and is determined to 

be too short for DMA, the card may manually push the data bytes through. The CPU 508 can 
drive data from the DRAM 507 through the DES/TDES engine via programmed I/O and 
lines 901-904. 
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As depicted in Fig. 10, when, the sccReques t is complete, the card may send the 
results back to the host via DMA. The internal CPU 508 can configure the FIFOs to. send 

data from the DRAM 507 back to the host via the DMA and lines 1001-1004. 

■ *i 

The present invention proposes methods for increasing the throughput of short DES 
5 operations. The methods used for evaluating the present invention included, DES operations 
including cipher block chaining (CBC) encrypt and CBC-decrypt, with data sizes distributed 
uniformly at random between S and 80 bytes. Chaining is a method which depends the 
decryption of a block of cipher text on all preceding blocks. The IVs and keys changed with 
each operation; the keys are tripple-DES (TDES) encrypted with a master key stored inside 

1 0 the device. Encrypted keys, IVs and other operational parameters are sent in with each 

operation, but are not counted as part of the data throughput. Although the keys may change 
with each operation, the total number of keys is small, relative to the number of requests. 
Referring to Fig. 16, the speeds obtained for DES operations are shown for various 
embodiments of the present invention. Using Model 1 hardware a speed indicated by 1601 

15 was achieved. 

A baseline implementation was established using a Model 2 prototype for the 
following embodiments. According to Fig. 1 1, the host application handles each operation 
1 101-1 102 as a separate sccRequest 1 103-1 104 with Programmed Input/Output (PIO) 
DES. The implementation includes the host application which generates sequences of 

20 short-DES requests (cipher key, IV, data) and the card-side application. The card-side 
application catches each request, unpacks the key, sends the data, key, and IV to the DES 
engine, and sends the results back to the host. Keys were randomly chosen over a set of 
cipher keys. Caching keys inside the card reduced the extra TDES key decryption step and 
increased the speed 1602. 
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According to an embodiment of the present invention, the short-DES performance 
can be enhanced by reducing the host-card interaction. Referring to Fig. 12, this includes 
batching a large sequence of short-DES requests into one sccRequest 120L The card-side 
application was modified accordingly to receive the sequence in one step, process each 
5 operation 1202-1205, and send the concatenated output back to the host in one step 1206. 
The Layer 3 application calls DES for each operation 1202 and 1204. Layer 2 performs the 
DES for each operation separately 1203 and 1205. Speeds obtained for the benchmark data 
above where between about 18 to 23 kilobytes/second and up to 40 kilobytes/second with 
key catching 1603. 

1 0 According to an embodiment of the present invention, by eliminating the DES chip 

reset for each operation the short-DES performance may be increased 1604. By generating a 
sequence of short-DES operation requests that all use one key, one direction (decrypt or 
encrypt), and IVs of zero (although the IVs may be arbitrary), a speed of about 360 
kilobytes/second can be achieved. The card-side application receives the operation sequence 

1 5 and sends the operation sequence to the Layer 2 system. In Layer 2, a modified DES 

Manager (the component controlling the DES. hardware) sets up the chip with the key and an 
IV of zero, and transmits the data through the chip. The end of each operation, the DES 
Manager performs an exclusive-or (XOR) to break the chaining. For example, for encryption, 
the software manually XOR's the last block of cipher text from the previous operation with 

20 the first block of plain text for the operation, in order to cancel out the XOR that the chip 
would do. 

According to the batching method, besides reducing the number of chip resets, the 
number of context switches between the Layer 3 and Layer 2 is reduced from 0(n) to O(l), 
where n is the number of operations in the batch. Referring to Fig. 13, according to another 

10 
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i . 

I embodiment of the present invention, by using the multi-key, non-zero-IV setup (results 

shown as 1603), the card-side application 1302 was altered to send batched requests 1301 to 
| a modified DBS Manager (Layer 2) 1303-1304, thus reducing the number of context 

! switches. The card-side application 1302 calls DES for the batched operations. The modified 

5 DES Manager 1303-1304 processes each request with a chip reset and a new key and IV. The 
requests are sent to the host 1305. The results obtained using the modified DES Manager 
1303-1304 are shown as 1604 in Fig. 16. 

I According to yet another embodiment of the present invention, the FIFO state 

I 

i machine pumps data bytes through DES in a bulk mode. Thus, the CPU does not handle the 

10 data bytes. According to the prior methods, each byte of the cipher key, IV, and data was 
handled many times. The bytes came in via FIFOs and DMA into the DRAM with an initial 
sccRequest buffer transfer. "The CPU takes the bytes out of DRAM and puts them into the 
DES chip. The CPU takes the data out of the DES chip and puts it back into DRAM. The 
CPU sends the data back to the host through the FIFOs. Accordingly, by reducing the number 
15 of data transfers the throughput can be increased 1605. Key unpacking is eliminated as a 
built-in part pf the API. Each application may have a unique method of unpacking, making 
... the API unpacking redundant; Within each application an initialization step concludes with a 
plain text key table resident in the device DRAM. The operation lengths were standardized to 

Kt 

40 bytes. In addition, the host application was modified to generate sequences of requests 
20 that include an index into the internal key table, instead of a cipher key. Thus, the card-side 
application 1401 calls the modified DES Manger 1402 and 1407 and makes the key table 
1403 and 1408 available to it, rather than immediately bringing the request sequence from 
the PCI Input FIFO into DRAM. For each operation the modified DES Manager 1402 and 
1407 resets the DES chip; reads the IV and loads it into the chip; reads and sanity checks the 
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key table, looks up the key, and loads it into the chip; and reads the data length for the 
operation. The modified DES Manager sets up the state machine to transmit that number of 
bytes through the Input FIFOs into the DES chip then back out the Output FIFOs 1404-1406 
and 1409-141 1; The card-side application closes out the request 1412. The results are shown 
5 as 1605 in Fig. 16. 

According to an embodiment of the present invention, The number of Industry 
Standard Architecture (ISA) I/O instructions was increased (doubled) which reduced the 
throughput by half, showing a correlation between the ISA I/O instructions and the 
throughput speed. The modified DES Manager described above (with respect to 1605 and 

10 Fig. 14) was then modified to use memory-mapping I/O ports instead of ISA I/O when 
available (the hardware used diJ not provide memory mapped I/O ports for all instances). 
The software was also modified to eliminate any spurious FIFO reads caused by certain state 
machine polling intermittently. The results are shown as 1606 in Fig. 16* 

Referring to Fig. 15, by batching the parameters together, the parameters can be read 

15 via memory-mapped operations* allowing modification of the FIFO configuration and the 
processing of the data. Layer 3 calls f)ES for the batched operations 1501 . The host 
application batches the per-operation parameters into one group 1503, attached to the input 
data. The modified DES Manager sets up the Internal FIFOs and the state machine to read lie 
batched parameters, by-passing the DES chip 1502; reads the batched parameters via 

20 memory-mapped I/O from the Internal Output FIFO into DRAM 1 504 and 1 508; 

reconfigures the FIFOs; and, using the buffered parameters, sets up the state machine and the 

• *• 

DES chip to transmit each operation *s data 1 5 06 and 1510 from the input FIFOs, through the 

DES, then back out the Output FIFOs 1505, 1507 and 1509 and 1511. Layer 3 closes out the 

12 
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request 1512, The results are shown in 1607 in Fig, 16. The accuracy of the method may be 
increased by accessing the IV and data length registers through the ISA method 1608. 

According to the present invention, the short-DES speed can be determined according 
to the following relationship: . 

C\ - Batches + C2 * Batches ■ Ops 4- C3 « Batches » Ops • DataLen 
Batches ■ Ops - DataLen 

where Batcfies is the number of host-card batches, Ops is the number of operations per batch, 

DataLen is the average data length per operation, and C7, C?, and C3 are unknown constants 

representing the per-batch per-ojperation and per-byte overheads, respectively. 

The present invention contemplates eliminating the per-batch overhead Ci by 

10 modifying the host device driver-Layer 2 interaction to enable indefinite sccRequest, with 
added polling or signaling to indicate when additional data is ready for transfer. The 
per-operation overhead Cz may.]be reduced by minimizing the number of per-operation 
parameter transfers. For example, the host application may, within a batch of operations, 
interleave parameter blocks that assert arguments such as, the next N operations all use a 

15 particular key. This method eliminates bringing in and reading the key index for each 

iteration. Another example can includes the host application processing the TVs before or 
after transmitting the data to the card. This is not a security issue if the host application is 
trusted to provide the IVs. The^method eliminates bringing in the IVs and, because the DES 
chip has a default IV of zeros after reset 3 eliminates loading the IVs. 

20 According to another embodiment of the present invention, per-operation overhead 

may be reduced by redesigning the FIFOs and the state machine. By modifying the DES 
engine to expect data-input to include parameters interleaved with data, then the 
per-operation overhead C 2 mayapproach the per-byte overhead Cj. The state machine 
handles fewer output bytes than input bytes and the CPU controls the class of engine 

13 
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f 

I 

| operations over which the parameters, for example, chosen externally, are allowed to range. 

j 

] For example, the external entity ;piay be allowed to choose only certain types of encryption 

operations. Further, the CPU may insert indirection on the parameters the external entity 
chooses and the parameters the engine see, e.g., the external entity provides an index into an 
5 internal table. , 

j Having described embodiments of a system and method of cryptography, it is noted 

< 

j that modifications and variations can be made by persons skilled in the art in light of the 

[ above teachings. It is therefore to be understood that changes may be made in the particular 

embodiments of the invention disclosed which are within the scope and spirit of the invention ' 
j 10 as defined by the appended claims. Having thus described the invention with the details and 

particularity required by the patent laws, what is claims and desired protected by Letters 

Patent is set forth in the appended claims. 

i ' • ' ' 

! " • ' ' ■ ■ • ■ ' ■ ' 

I •■ ' 
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What is claimed is: 

i. A symmetric key cryptographic method for short operations comprising the steps of: 
batching a plurality of operation parameters; and 

performing an operation according to a corresponding operation parameter. 

5 

2« The method of claim 1 3 wherein the symmetric key cryptographic method is a Data 
Encryption Standard (DES) method 

3. The method of claim 1, wherein the short operations are less than about 80 bytes. 

10 

4. The method of claim 1, wherein the short operations are between 8 and 80 bytes. 

5. The method of claim 1, further comprising the steps of: 

batching the plurality of operation parameters and a plurality of DES operation into a 
15 single request; 

calling DES for each operation in the request; and 

performing DES for each operation separately according to the corresponding 
operation parameter. 

20 

6. The method of claim 1, further comprising the steps of: 

batching the plurality of operation parameters and a plurality of DES operations into a 
single request, 

15 
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calling DES for the batched operations; and 

performing DES for each operation separately according to the corresponding 
operation parameter, 

5 7. The method of claim 6, wherein each request is performed with a chip reset and a key 
and an initialization vector. 

8. The method of claim 6, wherein the step of calling the DES for the batched operations 
further comprises switching a context for the batched operations. 

10 

9. The method of claim 8, wherein the context switch is between an application layer 
and a system software layer. 

10. The method of claim 1, further comprising the steps of: 

15 reading the batched parameters from a dynamic random access* memory; and 

transmitting each operation through a DES engine according to the operations 
parameter. 

11. A method for improved DES short operation throughput comprising the steps of: 

20 batching a plurality of operation parameters* each operation parameter corresponding 

to an operation; 

reading the batched operation parameters into a dynamic random access memory; and 
transmitting each operation through a DES engine according to the operations 
parameter* 

16 
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12. The method of claim 10, wherein the PES is external-to-external and an output for 
each operation is transmitted separately. 

5 13. The method of claim 10, wherein the short operation is less than about 80 byteis. 

14 The method of claim 10, wherein the short operation is between 8 and 80 bytes. 

15 A symmetric key cryptographic method for operations between about 8 and about 80 
10 bytes in length comprising the steps of: 

providing a key index to an engine; and 

pumping the operations through the engine in bulk wherein a central processing unit 
does not handle the bytes. 

15 16 The method of claim 1 5 wherein the engine is a DES engine. 

17 The method of claim 15 further comprising the steps of: 
resetting an engine chip for an operation; 
reading an initialization vector; 
20 loading the initialization vector into the engine chip; 

determining a key from the key index; 
loading the key into the engine chip; and 
reading a data length for the operation. 

17 
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1 8 The method of claim 17 further comprising the steps of: 

transmitting the data length through an Input channel into the engine chip; and 
transmitting the data length through an Output channel. 

5 19, The method of claim 18, wherein the channels are FIFOs. 


18 


PAGE 24/70 * RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight Time) * SVR:USPTO-EFXRF-1/11 * DNIS:2738300 * CSID:661*60-1986 * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 025 OF 070 

WO 01/84769 PCT/US01/13927 


1/11 



FIG.l 


101 




Layer 3: 
Application 




Layer 2: 
System Software 





(Layer 0,1: 
Security Control) 




Client 


104 


103 


102 



Host 


101 


Layer 3: 
Application 


Layer Z 
System Software 


FIG. 2 


(Layer 0,1: 
Security Control) 


Client 


104 


103 


102 


SI IRSTITUTE SHEET fRULE 261 

PAGE 25/70 • RCVD AT 7/25J2000 11:22:03 PM [Eastern Daylight Time] • SVR:USPTO-EFXRF-1H 1 * DNIS:2738300 • CSID:O61-460-1986 ' DURATION (mm«ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 026 OF 070 

WO 01/84769 PCTAJS01/13927 

2/11 


r 


105 


101 




107 





Host 
Application 




Layer 3: 
Application 




106 


t 


Device 




Layer 2: 



Driver 


^109 


System Software . 












(Layer 0,1: 
Security Control) 








104 


103 


102 


Host 


Client 



s ^ === j| 104 

ft 


Layer 3: 
Application 


Layer 2: 
System Software 


(Layer 0,1: 
Security Control) 


10S 


102 


Host 


FIG. 4 


Client 


PAGE 26/70 * RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight TlmeJlWR:USPTO^FXRF : 1/11.* pNIS:_2_7.38300/_CSID:66 1*60-1 986 , * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 027 OF 070 

WO 01/84769 PCT/US01/13927 


3/11 


^501 

In 


PCI 

Input FIFO 
1 


PCI 
Output FIFO 


502 


503 



Internal 
Output FIFO 



505 ^-508 

<=r-fh 


Input DMA 
Controller 


DES/TDES 
Engine 


Output DMA 
Controller 


504 


FIG. 5 


DRAM 



< > 


CPU 


f501 

in 


PCI 
input FIFO 


PCI 
Output FIFO 

^502 



$03 


Input DMA 
Controller 


DES/TDES 
Engine 


7 



Internal 
Output FIFO 


Output DMA 
Controller 


504 



< — ► 


M3 

fj 


CPU 


DRAM 


506 ^500 x e04 


FIG. 6 


SUBSTITUTE SHEET (RULE 261 

PAGE 27/70 * RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight Time] • SVR:USPTO-EFXRF-1/11 • DNIS:2738300 ' CSID:661-460-1986 • DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 028 OF 070 

WO 01/84769 PCTYUS01/13927 


4/11 



PAGE 28/70 * RCVD AT 7/25/2008 11:22:03 PM [Eastern Daylight Time] ISVRUSPTp^ FXRF- im^ ^ * DURATION (mm-S5):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 029 OF 070 

WO 01/84769 *CT/US01/13927 


5/11 



SilRSTITI ITP ftWFPT /Ol II 1= 

PAGE 29/70 4 RCVD AT 7/25/2006 1 1:22:03 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/11 * DNIS:2738300 * CSlD:661-460-1986 * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 030 OF 070 

WO 01/84769 PCT/US01/13927 



PAGE 30/70 * RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight Tlmel_*_syR:ySPTp^.FXRF : im • DNI8:273_8300 *_CSID:661 460-1 086 * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 031 OF 070 

WO 01/84769 PCT7US01/13927 


7/11 


o _ 



CO 

a> 

i 


o cx 


CO 

E L.<N 


CO 

g.- 2 o 


SI IRfSTlTl ITF RHPFT /Rl II P Ofil 

PAGE 31/70 * RCVD AT 7/23/2006 1 1:22:03 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/1 1 * DNIS:2738300 * CSID:661460-1 988 * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 032 OF 070 

WO 01/84769 *CT/US01/13927 

8/11 


=3 185 O 

o 


£- o a. 
3 ^ O 


8 





1 

parms i 

for 1 
0p2 | 


.s ^~ O 


CO 

y 


ta CO 


CO 
CD 

on 

o 
o 

CO 


&4 


PAGE 32/70 * RCVD AT 7/25/2006 1 1 : 22:03 PM [Eastern Daylight TlmeJ LSVR^PTO-EFXRF-jUl I^DNIS: 2 738300 * CSID:66 1-460-1 986 * DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 033 OF 070 

WO 01/84769 PCT/US01/13927 


9/11 





3 CSI 





FIFOs do 
imakxtei 
ESforOp 

». 

output 
for 
0p2 

► 










layer 2 reads 
In parms for 0p2, 
and sets up DES 

parms 
for 
0p2 

: . 




9 


ifi 

CD 

cr 


DO 




■s J§- 
<s I* 




, ; > 

"i 




CO 


Bob. 


Vr 


8. 


•eg- 


V 


<*£co 

CM cn eg 
S> g « 


CO .O "m 
aS CO "S 



5*1 IRftTITI ITF RMPPT /Rl II P 

PAGE 33/70 • RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight Time]* SVR:USPTO-EFXRF-1H1 * DNIS:2738300 * CSID:661«eo-1988 • DURATION (mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8 300 PAGE: 034 OF 070 

WO 01/84769 PCT/US01/13927 

10/11 



PAGE 34/70 ■ RCVD AT 7/25/2006 11:22:03 PM [Eastern Daylight Time].- SyR;ySPTp^FXRF : 1/11 DM8:2738300 * CSID:661 -460-1 986 • DURATION <mm-ss):44-04 


7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 035 OF 070 

WO 01/84769 PCT/US0 1/13927 


11/11 



7/25/2006 9:22 PM FROM: 661-460-1986 Huffman Patent Group, LLC TO: 1-571-273-8300 PAGE: 036 OF 070 


INTERNATIONAL SEARCH REPORT 

International application No. 


PCT/US01/13927 

A. CLASSIFICATION OF SUBJECT MATTER 


IPC(7) :H04L 9/06 


US CL : 380/29 


According to International Patent Classification (IPC) or to both national classification and IPC 


B. FIELDS SEARCHED 


Minimum documentation searched (classification system followed by classification symbols) 
U.S. : 380/29; 37 

Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 


Electronic data base consulted during the international search, (name of data base and, where practicable, search terms used) 
APS: BATCH PROCESSING, DES, ENCRYPTION 


BOCUMENTS CONSIDERED TO BE RELEVANT 


Category* 


X 


X 


Citation of document, with mdication, where appropriate, of the relevant passages 


US 5,548,648 A (YOKKE-SMTTH) 20 AUGUST 1996, Figure 6 and 
column 5, line 27 thru column 6, line 10. 

US 5,818,939 A (DAVIS) 06 OCTOBER 1998, Figure 3 and 
column 3, line 46 thru column 4 a line 56. 

US 5,809,147 (DE LANGE et al) 15 SEPTEMBER 1998, column 2, 
lines 31-43. 

US 4,731,843 A (HOLMQUIST) 15 MARCH 1988, column 1, line 
59thru column 2, line 21, 


Relevant to claim No. 


1-6 and 11-16 
1-6 and 11-16. 
1, 11 and 15. 
1, 11 and 15. 


[ 1 Further documents are listed in the continuation of Box C. | \ See parent family annex. 


Special categories of c 


"A" 


document defining the general state of the art winch is not c 
to tre of particular relevance 


nidcred 

■V* 

earlier document published oil or after the mteroatxonal filing date 

document whicb may throw doubts on priority claim (s) or which is 
cited to establish the publication dare of another c italic a or other 
special reason (as specified) * 

document referring to an oral disclosure, use, exhibition or other 
means 

document published prior to the internadonal filing date but later than '&* 


later document published after the International filing date or priority 
date and not in conflict with the application but cited to understand the 
principle or theory underlying the invention 

document of particular relevance; the claimed invention cannot be 
considered novel or cannot be considered to involve an inventive step 
when the document Is taken alone 

document of particular relevance; rhe claimed invention cannot be 
considered to involve an inventive step when the document is 
combined with one or more other such documents, such combination 
being obvious to a person skilled in too art 

document member of the same patent family 


Date of the actual completion of the international search 
24 AUGUST 2001 

Dare of mailing of the international search report 

14 SEP 2001 

Name and mailing address of the ISA/US 
Commissioner of Patents and Trademarks 
Box PCT 

Washington, D.C 20231 
Facsimile No. (703)305-3230 

Authorized officer 

GILBERTOBABRO^Waa. # /fegfe^ 
Telephone No. (703) ;505-3900 


PAGE 36/70 * RCVD AT 7/25/2006 11 :22:03 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/11 * DN1S:2738300 ■ CSlD:66 1-460-1 986 * DURATION (mm-ss):44-04 


